-.\"
-.\" mountd(8)
+.\"@(#)rpc.mountd.8"
.\"
.\" Copyright (C) 1999 Olaf Kirch <okir@monad.swb.de>
-.TH rpc.mountd 8 "25 Aug 2000"
+.\" Modified by Paul Clements, 2004.
+.\"
+.TH rpc.mountd 8 "31 Dec 2009"
.SH NAME
rpc.mountd \- NFS mount daemon
.SH SYNOPSIS
.SH DESCRIPTION
The
.B rpc.mountd
-program implements the NFS mount protocol. When receiving a MOUNT
-request from an NFS client, it checks the request against the list of
-currently exported file systems. If the client is permitted to mount
-the file system,
-.B rpc.mountd
-obtains a file handle for requested directory and returns it to
-the client.
-.SS Exporting NFS File Systems
-Making file systems available to NFS clients is called
-.IR exporting .
-.P
-Usually, a file system and the hosts it should be made available to
-are listed in the
-.B /etc/exports
-file, and invoking
-.B exportfs -a
-whenever the system is booted. The
+daemon implements the server side of the NFS MOUNT protocol,
+an NFS side protocol used by NFS version 2 [RFC1094] and NFS version 3 [RFC1813].
+.PP
+An NFS server maintains a table of local physical file systems
+that are accessible to NFS clients.
+Each file system in this table is referred to as an
+.IR "exported file system" ,
+or
+.IR export ,
+for short.
+.PP
+Each file system in the export table has an access control list.
+.B rpc.mountd
+uses these access control lists to determine
+whether an NFS client is permitted to access a given file system.
+For details on how to manage your NFS server's export table, see the
+.BR exports (5)
+and
.BR exportfs (8)
-command makes export information available to both the kernel NFS
-server module and the
-.B rpc.mountd
-daemon.
-.P
-Alternatively, you can export individual directories temporarily
-using
-.BR exportfs 's
-.IB host : /directory
-syntax.
+man pages.
+.SS Mounting exported NFS File Systems
+The NFS MOUNT protocol has several procedures.
+The most important of these are
+MNT (mount an export) and
+UMNT (unmount an export).
+.PP
+A MNT request has two arguments: an explicit argument that
+contains the pathname of the root directory of the export to be mounted,
+and an implicit argument that is the sender's IP address.
+.PP
+When receiving a MNT request from an NFS client,
+.B rpc.mountd
+checks both the pathname and the sender's IP address against its export table.
+If the sender is permitted to access the requested export,
+.B rpc.mountd
+returns an NFS file handle for the export's root directory to the client.
+The client can then use the root file handle and NFS LOOKUP requests
+to navigate the directory structure of the export.
.SS The rmtab File
-For every mount request received from an NFS client,
-.B rpc.mountd
-adds an entry to the
-.B /var/lib/nfs/rmtab
-file. When receiving an unmount request, that entry is removed.
-user level part of the NFS service.
-.P
-However, this file is mostly ornamental. One, the client can continue
-to use the file handle even after calling
-.B rpc.mountd 's
-UMOUNT procedure. And two, if a client reboots without notifying
-.B rpc.mountd ,
-a stale entry will remain in
-.BR rmtab .
+The
+.B rpc.mountd
+daemon registers every successful MNT request by adding an entry to the
+.I /var/lib/nfs/rmtab
+file.
+When receivng a UMNT request from an NFS client,
+.B rpc.mountd
+simply removes the matching entry from
+.IR /var/lib/nfs/rmtab ,
+as long as the access control list for that export allows that sender
+to access the export.
+.PP
+Clients can discover the list of file systems an NFS server is
+currently exporting, or the list of other clients that have mounted
+its exports, by using the
+.BR showmount (8)
+command.
+.BR showmount (8)
+uses other procedures in the NFS MOUNT protocol to report information
+about the server's exported file systems.
+.PP
+Note, however, that there is little to guarantee that the contents of
+.I /var/lib/nfs/rmtab
+are accurate.
+A client may continue accessing an export even after invoking UMNT.
+If the client reboots without sending a UMNT request, stale entries
+remain for that client in
+.IR /var/lib/nfs/rmtab .
.SH OPTIONS
.TP
.B \-d kind " or " \-\-debug kind
Ignored (compatibility with unfsd??).
.TP
.B \-p " or " \-\-port num
-Force
+Specifies the port number used for RPC listener sockets.
+If this option is not specified,
+.B rpc.mountd
+chooses a random ephemeral port for each listener socket.
+.IP
+This option can be used to fix the port value of
+.BR rpc.mountd 's
+listeners when NFS MOUNT requests must traverse a firewall
+between clients and servers.
+.TP
+.B \-H " or " \-\-ha-callout prog
+Specify a high availability callout program.
+This program receives callouts for all MOUNT and UNMOUNT requests.
+This allows
.B rpc.mountd
-to bind to the specified port num, instead of using the random port
-number assigned by the portmapper.
+to be used in a High Availability NFS (HA-NFS) environment.
+.IP
+The callout program is run with 4 arguments.
+The first is
+.B mount
+or
+.B unmount
+depending on the reason for the callout.
+The second will be the name of the client performing the mount.
+The third will be the path that the client is mounting.
+The last is the number of concurrent mounts that we believe the client
+has of that path.
+.IP
+This callout is not needed with 2.6 and later kernels.
+Instead, mount the nfsd filesystem on
+.IR /proc/fs/nfsd .
+.TP
+.BI "\-s," "" " \-\-state\-directory\-path " directory
+Specify a directory in which to place statd state information.
+If this option is not specified the default of
+.I /var/lib/nfs
+is used.
+.TP
+.BI "\-r," "" " \-\-reverse\-lookup"
+.B rpc.mountd
+tracks IP addresses in the
+.I rmtab
+file. When a DUMP request is made (by
+someone running
+.BR "showmount -a" ,
+for instance), it returns IP addresses instead
+of hostnames by default. This option causes
+.B rpc.mountd
+to perform a reverse lookup on each IP address and return that hostname instead.
+Enabling this can have a substantial negative effect on performance
+in some situations.
+.TP
+.BR "\-t N" " or " "\-\-num\-threads=N"
+This option specifies the number of worker threads that rpc.mountd
+spawns. The default is 1 thread, which is probably enough. More
+threads are usually only needed for NFS servers which need to handle
+mount storms of hundreds of NFS mounts in a few seconds, or when
+your DNS server is slow or unreliable.
.TP
.B \-V " or " \-\-nfs-version
This option can be used to request that
Print the version of
.B rpc.mountd
and exit.
-
+.TP
+.B \-g " or " \-\-manage-gids
+Accept requests from the kernel to map user id numbers into lists of
+group id numbers for use in access control. An NFS request will
+normally (except when using Kerberos or other cryptographic
+authentication) contains a user-id and a list of group-ids. Due to a
+limitation in the NFS protocol, at most 16 groups ids can be listed.
+If you use the
+.B \-g
+flag, then the list of group ids received from the client will be
+replaced by a list of group ids determined by an appropriate lookup on
+the server. Note that the 'primary' group id is not affected so a
+.B newgroup
+command on the client will still be effective. This function requires
+a Linux Kernel with version at least 2.6.21.
.SH TCP_WRAPPERS SUPPORT
-This
+You can protect your
.B rpc.mountd
-version is protected by the
+listeners using the
+.B tcp_wrapper
+library or
+.BR iptables (8).
+.PP
+Note that the
.B tcp_wrapper
-library. You have to give the clients access to
-.B rpc.mountd
-if they should be allowed to use it. To allow connects from clients of
-the .bar.com domain you could use the following line in /etc/hosts.allow:
-
-mountd: .bar.com
-
-You have to use the daemon name
+library supports only IPv4 networking.
+.PP
+Add the hostnames of NFS peers that are allowed to access
+.B rpc.mountd
+to
+.IR /etc/hosts.allow .
+Use the daemon name
.B mountd
-for the daemon name (even if the binary has a different name).
-
-For further information please have a look at the
+even if the
+.B rpc.mountd
+binary has a different name.
+.PP
+Hostnames used in either access file will be ignored when
+they can not be resolved into IP addresses.
+For further information see the
.BR tcpd (8)
and
.BR hosts_access (5)
-manual pages.
-
+man pages.
+.SS IPv6 and TI-RPC support
+TI-RPC is a pre-requisite for supporting NFS on IPv6.
+If TI-RPC support is built into
+.BR rpc.mountd ,
+it attempts to start listeners on network transports marked 'visible' in
+.IR /etc/netconfig .
+As long as at least one network transport listener starts successfully,
+.B rpc.mountd
+will operate.
+.SH FILES
+.TP 2.5i
+.I /etc/exports
+input file for
+.BR exportfs ,
+listing exports, export options, and access control lists
+.TP 2.5i
+.I /var/lib/nfs/rmtab
+table of clients accessing server's exports
.SH SEE ALSO
-.BR rpc.nfsd (8),
.BR exportfs (8),
.BR exports (5),
-.BR rpc.rquotad (8).
-.SH FILES
-.BR /etc/exports ,
-.BR /var/lib/nfs/xtab .
+.BR showmount (8),
+.BR rpc.nfsd (8),
+.BR rpc.rquotad (8),
+.BR nfs (5),
+.BR tcpd (8),
+.BR hosts_access (5),
+.BR iptables (8),
+.BR netconfig (5)
+.sp
+RFC 1094 - "NFS: Network File System Protocol Specification"
+.br
+RFC 1813 - "NFS Version 3 Protocol Specification"
.SH AUTHOR
Olaf Kirch, H. J. Lu, G. Allan Morris III, and a host of others.
projects / nfs-utils.git / blobdiff